Vulnerability CVE-2018-5750
Published: 2018-01-26

Description:
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Redhat -> Virtualization host 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server eus 
Redhat -> Enterprise linux server tus 
Redhat -> Enterprise linux workstation 
Linux -> Linux kernel 
Debian -> Debian linux 
Canonical -> Ubuntu linux 

 References:
http://www.securitytracker.com/id/1040319
https://access.redhat.com/errata/RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:2948
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
https://patchwork.kernel.org/patch/10174835/
https://usn.ubuntu.com/3631-1/
https://usn.ubuntu.com/3631-2/
https://usn.ubuntu.com/3697-1/
https://usn.ubuntu.com/3697-2/
https://usn.ubuntu.com/3698-1/
https://usn.ubuntu.com/3698-2/
https://www.debian.org/security/2018/dsa-4120
https://www.debian.org/security/2018/dsa-4187
Copyright 2024, cxsecurity.com

 

Back to Top